A Bluetooth exploit for the Nintendo Wii.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
Dexter Gerig 5003241e03 README fixup 4 months ago
stage0 Fix .gitignore and add bin files back 4 months ago
.gitignore Fix .gitignore and add bin files back 4 months ago
LICENSE.md Initial commit 9 months ago
Makefile Remove BlueZ dependency 4 months ago
README.md README fixup 4 months ago
bluebomb.c Remove BlueZ dependency 4 months ago
libminibt.c Remove BlueZ dependency 4 months ago
libminibt.h Remove BlueZ dependency 4 months ago
stream_macros.h Initial commit 9 months ago

README.md

BlueBomb

BlueBomb is an exploit for Broadcom’s Bluetooth stack used in the Nintendo Wii.

How do I run it?

You will need a Linux computer to do this! Download the pre-built binaries from the releases page and follow these instructions.

  1. Disable your bluetooth service by running sudo systemctl disable --now bluetooth
  2. Run bluebomb with the arguments to the app-specific payload and the stage1 you would like to run. Ex. sudo ./bluebomb ./stage0/MINI_SM_NTSC.bin stage1.bin for a NTSC Wii Mini’s System Menu. You can also specify which hci device to use with bluebomb by adding before the stage0 and stage1 arguments. Ex. sudo ./bluebomb 1 ./stage0/MINI_SM_NTSC.bin stage1.bin to use HCI1.
  3. Start your Wii and navigate to the app that you are exploiting, for the System Menu you only need to turn on the Wii, you can leave it sitting on the Health and Safety screen.
  4. Turn OFF your wiimote at this point. DO NOT let anything else connect to the console via bluetooth.
  5. Make sure you console is close to your bluetooth adapter, you may have to move it closer to get it in range, this will depend on your adapter.
  6. Click the SYNC button on your console. You may have to click it several times in a row before it sees the computer. You will know it is connected when bluebomb prints “Got connection handle: #” Stop pushing the SYNC button and wait for bluebomb to run, what happens will depend on what stage1.bin you are using. The one from this repo will load boot.elf off the root of a FAT32 formatted USB drive and run it. You can use the HackMii Installer’s boot.elf from here to get the Homebrew Channel.

IMPORTANT: The steps above will have disabled the bluetooth service on your machine to run the exploit. To enable the bluetooth service again run sudo systemctl enable --now bluetooth.

How do I build it?

  1. Run make in the stage0 folder to build stage0.
  2. Run make in the main folder to generate bluebomb.

Support

You can open an issue on this repo, or join the Wii Mini Hacking Discord